GDPR Compliance and Neon: Everything You Need to Know

Simplify your path to GDPR compliance with Neon


At Neon, we take pride in being GDPR-compliant. We adhere to the regulation’s strict standards, providing our customers with the tools and confidence to manage and protect personal data effectively. In this post, we’ll help you better understand what GDPR entails and how Neon ensures compliance.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union (EU) to regulate how personal data of EU citizens is collected, processed, and stored. Introduced in 2018, it aims to strengthen privacy rights by ensuring individuals have greater control over their personal data while holding organizations accountable for protecting it.

In addition to providing individuals with rights like data access, rectification, and erasure (commonly known as the “right to be forgotten”), GDPR also emphasizes accountability. Companies are required to demonstrate compliance through measures such as conducting data protection impact assessments (DPIAs), maintaining detailed records of processing activities, and appointing Data Protection Officers (DPOs) in certain cases.

Organizations that fail to comply with GDPR may face significant penalties, including fines of up to €20 million or 4% of their global annual revenue, whichever is higher. The law applies not only to EU-based companies but also to any organization worldwide that processes the personal data of EU citizens.

What classifies as Personal Data under GDPR?

Under GDPR definitions, personal data includes any information relating to an identified or identifiable natural person. This encompasses data that directly or indirectly identifies a person, such as:

  • Name
  • Address
  • Email address
  • Phone number
  • IP address
  • Online behavior and browsing history

How does Neon fit into your GDPR compliance?

If you plan on storing Personal Data, such as customer names, email addresses, or other identifiable information, in Neon’s platform, we play a crucial role in helping you maintain GDPR compliance. Neon ensures that all data is processed and secured according to GDPR’s strict standards, providing you with a reliable and secure foundation for managing personal data.

Neon as a Subprocessor

When you use Neon as your database and store Personal Data, we act as a subprocessor. This means we process data on behalf of your organization.

As a subprocessor, Neon is responsible for ensuring that our systems, processes, and policies meet GDPR’s stringent requirements for data security and privacy. A Data Processing Agreement (DPA) is used to legally document the obligations of both parties to meet GDPR compliance.

A closer look at Neon’s Data Processing Agreement

By becoming a Neon customer, you automatically benefit from a GDPR-compliant DPA embedded in our terms of service or master service agreement. For added peace of mind, when you become a customer, you can also download and separately sign our DPA at neon.tech/dpa. This option allows you to maintain a formal, signed agreement for your records or internal compliance needs.

Neon’s DPA covers the following:

  1. Data Protection Safeguards: Commitments to secure the data you store with Neon, including encryption, access controls, and regular security audits.
  2. Support for GDPR Rights: Assistance in fulfilling GDPR obligations, such as responding to data subject access requests, enabling data deletion under the “right to be forgotten,” and facilitating data portability.
  3. Breach Notification Protocols: A promise to notify you promptly in the unlikely event of a data breach involving personal data.
  4. Subprocessing Accountability: Transparency regarding any third-party subprocessors engaged by Neon and ensuring their compliance with GDPR. More information on our subprocessors can be found at https://neon.tech/subprocessors
  5. Comprehensive GDPR Alignment: Our DPA ensures that all data processing activities align with GDPR requirements, helping you demonstrate compliance and protect personal data effectively.
  6. Facilitating International Data Transfers: Neon relies on the Data Privacy Framework to enable lawful and secure transfer of personal data. This framework ensures compliance with GDPR’s cross-border data transfer requirements, providing customers with the confidence to store and process data globally while remaining fully compliant. More information can be found in our Privacy Guide at https://neon.tech/privacy-guide
  7. Security and Accountability: The DPA includes a legal commitment to ensure robust security measures such as encryption, access controls, and breach notification protocols, ensuring your data is protected at all times. A full and detailed analysis of our security features can be found at https://neon.tech/docs/security/security-overview
  8. Clear Roles and Responsibilities: The DPA clearly defines the roles of Neon as the data processor and our customers as data controllers, ensuring clarity and accountability throughout the data lifecycle.

Which security measures does Neon implement to support GDPR compliance?

At Neon, data security is integral to supporting your GDPR compliance. We implement measures that align with GDPR’s stringent requirements, including:

  1. Encryption: All personal data is encrypted both at rest and in transit using industry-standard encryption protocols to ensure its confidentiality and integrity.
  2. Access Controls: Strict access management policies ensure that only authorized personnel can access personal data.
  3. Monitoring and Auditing: Continuous security monitoring and regular audits verify compliance with GDPR data protection standards.
  4. Incident Response: In the unlikely event of a data breach involving personal data, Neon follows a GDPR-compliant notification protocol, informing affected customers promptly, typically within 72 hours.

Additional info

Neon is also ISO 27701 certified, an international standard for privacy information management systems that supports GDPR compliance. For more details about our certifications, policies, and compliance practices, visit our Trust Center. To learn more about the security features we implement to protect personal data, visit our Security Overview.

Simplify your path to GDPR compliance

By choosing Neon, you simplify your path to GDPR compliance. Our platform is designed with robust data protection measures that align with GDPR standards, reducing the compliance burden on your organization.

For more information on how Neon supports your compliance efforts, please visit: